
Requirements

Platforms

Chef

Cookbooks

Credentials

In order to manage AWS components, authentication credentials need to be available to the node. There are 3 ways to handle this:

explicitly pass credentials parameter to the resource

use the credentials in the ~/.aws/credentials file

let the resource pick up credentials from the IAM role assigned to the instance

New resources can also assume an STS role, with support for MFA. Instructions are below in the relevant section.

Using resource parameters

In order to pass the credentials to the resource, credentials must be available to the node. There are a number of ways to handle this, such as node attributes applied to the node or via Chef roles/environments.

We recommend storing these in an encrypted databag, and loading them in the recipe where the resources are used.
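Node attributes, roles and environments are stored unencrypted on the Chef server, which is why the encrypted data bag is recommended. The following check is an added example, not part of the cookbook: it walks exported node or data bag JSON and flags plaintext AWS credentials. The `my_cookbook` attribute layout, the sample documents and the function name are constructed for illustration.

```ruby
require 'json'

# Access key IDs: AKIA (long-term) or ASIA (temporary STS) plus 16 characters.
ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/
# Attribute names that normally hold secret material.
SECRET_NAME = /secret_access_key|aws_secret|session_token/i

# Walk nested attributes and return [path, reason] for each plaintext leaf
# that looks like an AWS credential.
def find_plaintext_aws_credentials(attrs, path = [])
  case attrs
  when Hash
    attrs.flat_map { |k, v| find_plaintext_aws_credentials(v, path + [k.to_s]) }
  when Array
    attrs.each_with_index.flat_map do |v, i|
      find_plaintext_aws_credentials(v, path + [i.to_s])
    end
  when String
    where = path.join('.')
    hits = []
    hits << [where, 'access key id'] if attrs.match?(ACCESS_KEY_ID)
    hits << [where, 'secret value'] if path.last.to_s.match?(SECRET_NAME)
    hits
  else
    []
  end
end

# Constructed node object: credentials placed in plain node attributes.
# The key values are the placeholder keys used in AWS documentation.
SAMPLE_NODE = JSON.parse(<<~NODE)
  {"name": "web01", "normal": {"my_cookbook": {
    "access_key_id": "AKIAIOSFODNN7EXAMPLE",
    "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "mfa_serial": "arn:aws:iam::123456789012:mfa/example"}}}
NODE

# Constructed encrypted data bag item: the secret is a ciphertext envelope,
# so no plaintext leaf sits under a secret-named key.
SAMPLE_BAG_ITEM = JSON.parse(<<~ITEM)
  {"id": "main", "aws_secret_access_key": {
    "encrypted_data": "constructed-ciphertext==", "iv": "constructed-iv==",
    "version": 1, "cipher": "aes-256-cbc"}}
ITEM

find_plaintext_aws_credentials(SAMPLE_NODE).each do |where, reason|
  puts "#{where}: #{reason}"
end
```

The node object yields two findings, while the encrypted data bag item yields none.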

Assuming roles via STS and using MFA

The following is an example of how roles can be assumed using MFA. The following can also be used to assume roles that do not require MFA; just ensure that the MFA arguments (serial_number and token_code) are omitted.

This assumes you have also stored the cfn_role_arn and mfa_serial attributes, but there are plenty of ways these attributes can be supplied (they could be stored locally in the consuming cookbook, for example).

Note that MFA codes cannot be recycled, hence the importance of creating a single STS session and passing that to resources. If multiple roles need to be assumed using MFA, it is probably prudent that these be broken up into different recipes and chef-client runs.

filesystem_options - String of options to mount the filesystem with (default rw,noatime,nobootwait)

snapshots - array of EBS snapshots to restore. Snapshots must be taken using an ec2 consistent snapshot tool, and tagged with a number that indicates how many devices are in the array being backed up (e.g. "Logs Backup [0-4]" for a four-volume raid array snapshot)

This will create a new 50G volume from the snapshot ID provided and attach it as /dev/sdi.

aws_elastic_ip

The elastic_ip resource provider does not support allocating new IPs. This must be done before running a recipe that uses the resource. After allocating a new Elastic IP, we recommend storing it in a databag and loading the item in the recipe.

This will use the loaded aws and ip_info databags to pass the required values into the resource to configure. Note that when associating an Elastic IP to an instance, connectivity to the instance will be lost because the public IP address is changed. You will need to reconnect to the instance with the new IP.

You can also store this in a role as an attribute or assign to the node directly, if preferred.

aws_elastic_lb

elastic_lb functions similarly to elastic_ip. Make sure that you've created the ELB and enabled your instances' availability zones prior to using this provider.

aws_s3_file

s3_file can be used to download a file from S3 that requires AWS authorization. This is a wrapper around the core Chef remote_file resource and supports the same resource attributes as remote_file. See the remote_file Chef Docs for a complete list of available attributes.

aws_instance_monitoring

Allows detailed CloudWatch monitoring to be enabled for the current instance.

aws_instance_monitoring "enable detailed monitoring"

aws_secondary_ip

The secondary_ip resource provider allows one to assign/unassign multiple private secondary IPs on an instance in EC2-VPC. The number of secondary IP addresses that you can assign to an instance varies by instance type. If no IP address is provided on assign, a random one from within the subnet will be assigned. If no interface is provided, the default interface (which is pulled from Ohai) will be used.

template_source: Required - the location of the CloudFormation template file. The file should be stored in the files directory in the cookbook.

parameters: An array of parameter_key and parameter_value pairs for parameters in the template. Follow the syntax in the example above.

disable_rollback: Set this to true if you want stack rollback to be disabled if creation of the stack fails. Default: false

stack_policy_body: Optionally define a stack policy to apply to the stack, mainly used in protecting stack resources after they are created. For more information, see Prevent Updates to Stack Resources in the CloudFormation user guide.

iam_capability: Set to true to allow the CloudFormation template to create IAM resources. This is the equivalent of setting CAPABILITY_IAM when using the SDK or CLI. Default: false

aws_dynamodb_table

Use this resource to create and delete DynamoDB tables. This includes the ability to add global secondary indexes to existing tables.

create: Creates the table. Will update the following if the table exists:

global_secondary_indexes: Will remove non-existent indexes, add new ones, and update throughput for existing ones. All attributes need to be present in attribute_definitions. No effect if the resource is omitted.

stream_specification: Will update as shown. No effect if the resource is omitted.

provisioned_throughput: Will update as shown.

delete: Deletes the index.

Attributes:

attribute_definitions: Required. Attributes to create for the table. Mainly this is used to specify attributes that are used in keys, as otherwise one can add any attribute they want to a DynamoDB table.

key_schema: Required. Used to create the primary key for the table. Attributes need to be present in attribute_definitions.

local_secondary_indexes: Used to create any local secondary indexes for the table. Attributes need to be present in attribute_definitions.

global_secondary_indexes: Used to create any global secondary indexes. Can be done to an existing table. Attributes need to be present in attribute_definitions.

provisioned_throughput: Define the throughput for this table.

stream_specification: Specify if there should be a stream for this table.
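The rule repeated above, that every attribute named in key_schema or in an index key must be declared in attribute_definitions, can be checked before a chef-client run. This is an added example, not part of the cookbook: it assumes the table spec is a Hash with symbol keys shaped like the DynamoDB CreateTable request, and the function name and sample table are constructed.

```ruby
# Return one message per attribute that is used in the table key or in an
# index key but is missing from attribute_definitions.
def undeclared_key_attributes(spec)
  declared = spec.fetch(:attribute_definitions).map { |d| d[:attribute_name] }

  # Collect every key schema to check, labelled by where it came from.
  schemas = { 'key_schema' => spec.fetch(:key_schema) }
  %i[local_secondary_indexes global_secondary_indexes].each do |kind|
    Array(spec[kind]).each do |idx|
      schemas["#{kind}[#{idx[:index_name]}]"] = Array(idx[:key_schema])
    end
  end

  schemas.flat_map do |where, schema|
    schema.map { |k| k[:attribute_name] }
          .reject { |name| declared.include?(name) }
          .map { |name| "#{where}: #{name} is not in attribute_definitions" }
  end
end

# Constructed table spec: the global secondary index uses 'Owner', which was
# never declared, so creating or updating the table would be rejected.
SAMPLE_TABLE = {
  attribute_definitions: [
    { attribute_name: 'Id', attribute_type: 'N' },
    { attribute_name: 'BarRangeKey', attribute_type: 'N' }
  ],
  key_schema: [{ attribute_name: 'Id', key_type: 'HASH' }],
  global_secondary_indexes: [
    { index_name: 'by_owner',
      key_schema: [{ attribute_name: 'Owner', key_type: 'HASH' },
                   { attribute_name: 'BarRangeKey', key_type: 'RANGE' }] }
  ]
}.freeze

undeclared_key_attributes(SAMPLE_TABLE).each { |problem| puts problem }
```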

aws_kinesis_stream

Use this resource to create and delete Kinesis streams. Note that this resource cannot be used to modify the shard count as shard splitting is a somewhat complex operation (for example, even CloudFormation replaces streams upon update).

License and Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Breaking changes:

Switched to Ohai to gather information on the AWS instance instead of direct AWS metadata calls. This also removes the node['region'] attribute, which is no longer necessary. If you would like to mock the region for some reason in local testing, set node['ec2']['placement_availability_zone'] to the AZ, as this is used to determine the region, @tas50

aws-sdk gem is no longer loaded in default recipe

Other Changes

#172 Several new features (AWS CloudFormation Support, IAM Support, Kinesis, DynamoDB, and local auth options) @vancluever

Changes the AWS connection to not be shared across resources. This allows each resource to run against a different region or use different credentials, @tas50